Clop Ransomware Gang Exploits Oracle E-Business Suite Zero-Day
Summary
CVE-2025-61882, a critical zero-day in Oracle E-Business Suite with a CVSS score of 9.8, has been exploited by the Clop ransomware gang since August 2025 for data theft. Harvard University is among the affected organizations.
Threat Analysis
The Clop ransomware gang has been actively exploiting CVE-2025-61882, a critical zero-day vulnerability in the BI Publisher Integration component of Oracle E-Business Suite's Concurrent Processing product (versions 12.2.3 through 12.2.14), since at least early August 2025. The flaw allows unauthenticated remote code execution; its CVSS base score of 9.8 reflects the ease of exploitation and the absence of any authentication requirement. Clop used the vulnerability to steal sensitive data from Oracle E-Business Suite servers and then ran extortion campaigns, emailing affected companies and demanding ransom to prevent the data from being leaked. Harvard University was among the organizations affected, and the Clop gang listed the school on its data leak site. Oracle issued an emergency update to address the vulnerability, and the existence of a public proof-of-concept exploit makes immediate patching crucial. Organizations running Oracle E-Business Suite should apply the patches immediately, review access logs for suspicious activity, and implement additional authentication controls for critical business applications.